1
0
Fork 0
mirror of https://github.com/ansible-collections/community.general.git synced 2024-09-14 20:13:21 +02:00
community.general/test/integration/targets/vault
Adrian Likins 86dc3c09ac
Fix vault --ask-vault-pass with no tty (#31493)
* Fix vault --ask-vault-pass with no tty

2.4.0 added a check for isatty() that would skip setting up interactive
vault password prompts if not running on a tty.

But... getpass.getpass() will fallback to reading from stdin if
it gets that far without a tty. Since 2.4.0 skipped the interactive
prompts / getpass.getpass() in that case, it would never get a chance
to fall back to stdin.

So if 'echo $VAULT_PASSWORD| ansible-playbook --ask-vault-pass site.yml'
was ran without a tty (ie, from a jenkins job or via the vagrant
ansible provisioner) the 2.4 behavior was different than 2.3. 2.4
would never read the password from stdin, resulting in a vault password
error like:

        ERROR! Attempting to decrypt but no vault secrets found

Fix is just to always call the interactive password prompts based
on getpass.getpass() on --ask-vault-pass or --vault-id @prompt and
let getpass sort it out.

* up test_prompt_no_tty to expect prompt with no tty

We do call the PromptSecret class if there is no tty, but
we are back to expecting it to read from stdin in that case.

* Fix logic for when to auto-prompt vault pass

If --ask-vault-pass is used, then pretty much always
prompt.

If it is not used, then prompt if there are no other
vault ids provided and 'auto_prompt==True'.

Fixes vagrant bug https://github.com/hashicorp/vagrant/issues/9033

Fixes #30993
2017-11-15 14:01:32 -05:00
..
invalid_format Better handling of malformed vault data envelope (#32515) 2017-11-10 14:24:56 -05:00
roles Support multiple vault passwords (#22756) 2017-07-28 15:20:58 -04:00
aliases
empty-password Vault secrets empty password (#28186) 2017-08-15 11:01:46 -04:00
encrypted_file_encrypted_var_password Support multiple vault passwords (#22756) 2017-07-28 15:20:58 -04:00
example1_password Support multiple vault passwords (#22756) 2017-07-28 15:20:58 -04:00
example2_password Support multiple vault passwords (#22756) 2017-07-28 15:20:58 -04:00
example3_password Support multiple vault passwords (#22756) 2017-07-28 15:20:58 -04:00
faux-editor.py Use vault_id when encrypted via vault-edit (#30772) 2017-09-26 12:28:31 -04:00
format_1_0_AES.yml Cyptography pr 20566 rebase (#25560) 2017-06-27 06:00:15 -07:00
format_1_1_AES.yml Cyptography pr 20566 rebase (#25560) 2017-06-27 06:00:15 -07:00
format_1_1_AES256.yml Cyptography pr 20566 rebase (#25560) 2017-06-27 06:00:15 -07:00
format_1_2_AES256.yml Support multiple vault passwords (#22756) 2017-07-28 15:20:58 -04:00
password-script.py Support multiple vault passwords (#22756) 2017-07-28 15:20:58 -04:00
runme.sh Fix vault --ask-vault-pass with no tty (#31493) 2017-11-15 14:01:32 -05:00
runme_change_pip_installed.sh Cyptography pr 20566 rebase (#25560) 2017-06-27 06:00:15 -07:00
test-vault-client.py Vault secrets script client inc new 'keyring' client (#27669) 2017-10-13 15:23:08 -04:00
test_vault.yml
test_vault_embedded.yml
test_vault_embedded_ids.yml Support multiple vault passwords (#22756) 2017-07-28 15:20:58 -04:00
test_vault_file_encrypted_embedded.yml Support multiple vault passwords (#22756) 2017-07-28 15:20:58 -04:00
test_vaulted_inventory.yml
test_vaulted_template.yml Allow template files to be vaulted (#22951) 2017-06-07 14:16:03 -04:00
vault-password
vault-password-ansible Cyptography pr 20566 rebase (#25560) 2017-06-27 06:00:15 -07:00
vault-password-wrong Cyptography pr 20566 rebase (#25560) 2017-06-27 06:00:15 -07:00
vault-secret.txt
vaulted.inventory